A DICTIONARY OF IMPORTANT TERMS ASSOCIATED WITH PENNKEY

Authentication. The method a computer system uses
to verify that an individual is who he or she claims to be. PennKey is
an authentication method. See also Authorization.

Authorization. The method a computer system uses to determine
whether or not an individual whose identity has been verified (authenticated)
is in fact eligible to use a particular service or application. Authorization
is the responsibility of service or application owners, and it works with
an authentication method. For example, only authorized individuals, not
everyone who has a registered PennKey and password, can log in to Knowledge
Link.

Challenge-Response. A convenient, secure online method for resetting
a forgotten PennKey password. Only individuals who have enrolled
in Challenge-Response can reset their passwords online. Enrollment
in Challenge-Response is optional and is not available to individuals
with Non-Persistent PennKeys.

Cleartext Password. A password that is transmitted across the
network without being encrypted. Such passwords are vulnerable to being
intercepted by intruders and other unauthorized persons.

Penn ID. A unique eight-digit number issued to Penn and UPHS affiliates.
University offices frequently require a Penn ID for identification in
situations where they formerly required an individual's Social Security
Number. PennCard holders will find their Penn ID printed on their PennCard
-- it is the middle 8-digit sequence of numbers at the bottom of the card.
See also PennCard Number and PennKey.

PennCard. Your University ID card showing your photo and PennCard
Number. For Penn faculty, staff, and students, a PennCard is a required form of photo ID at PennKey Administration Stations.

PennKey. An individual's user name in the PennKey Authentication
System. Your PennKey is based on your PennName, a unique identifier that
is the basis for user names in an increasing number of University systems.
You must register your PennKey and associated password before you can
access any services that use PennKey authentication. See also Non-Persistent
PennKey and Penn ID.

PennKey Administration Station. A campus
location where you can obtain a PennKey Setup Code.

PennKey Authentication. The authentication system that was introduced
at Penn in October 2002 and the Health System in 2004. See also Authentication.

PennKey Setup Code. A temporary identifier that is issued when needed
to register a PennKey. See also Challenge-Response.

Secure Client. Desktop software that is used to access a service
that has been secured using Kerberos, SSH, SSL/TLS, or another technology
that employs strong encryption.

Setup Code. See PennKey Setup Code.

Single Sign-On. The ability to authenticate once and access multiple
electronic services, rather than authenticating separately to each service.
Kerberos, the technology underlying PennKey, provides a foundation for
single sign-on.

SSL/TLS. Secure Sockets Layer/Transport Layer Security. A technology
used to secure services on host computers. SSL/TLS uses strong encryption
for passwords. SSL/TLS is one of several strong security technologies
in use at Penn. See also SSH, Kerberos, and Strong Encryption.

Strong Encryption. A method of securing information so that it
cannot easily be intercepted and deciphered by an intruder. For services
that require passwords to be transmitted across the network, strong encryption
is the minimum standard on Penn's critical hosts. See also Critical Host
Policy.